Jump to content

  • You cannot start a new topic
  • You cannot reply to this topic

Security Scan Now Available In Ez Admin Helper Rate Topic   * * * * - 1 votes

 
  • tbirnseth
  • CS Cart Expert
  • Authorized Reseller
  • Join Date: 08-Nov 08
  • 11204 posts

Posted 25 June 2015 - 11:05 PM #1

EZ Merchant Solutions is happy to announce that we have added security intrusion detection to our EZ Admin Helper addon.

There are several known intrusions that have occurred over the past year or so. Each of these has a unique signature and can be detected if present.

The new "Check security intrusion" action in EZ Admin Helper will scan your site for these intrusions and tell you what if finds. It has options for displaying "fail only" results so that cron emails won't happen unless an intrusion is actually detected.

Please note that this action checks for known intrusions only. It is NOT a substitute for regular scanning of your system for malware and will not detect anything where the signature is unknown to us.

Currently, the following intrusions are detected:
  • Whether the payment methods that were vulnerable have been removed or repaired.
  • Payment cache vulnerability
  • Images cache vulnerability
  • Variety of image files and/or JS files that shouldn't be on your site and are known to be an issue
There is also an option to dump the cscart_images_cache table (if it's detected) to a file and decode it so you can identify which of your client's personal information (including credit cards) may have been compromised.

The product detail page is here and the PDF documentation can be viewed in the Attachments tab or from this document location.

Price remains the same at $34.99usd (might be the best 40 bucks you've ever spent).

If you become aware of any other intrusions to cs-cart, we will be happy to update this action to detect those intrusions as well. Please use the contact us link to provide us with details.

Note that in the addon, intrusions are detected ONLY, they are not removed. Removal requires manual inspection and removal. We can also provide this service if need be. Again, simply contact us and we'll be happy to help.

The current list of actions in EZ Admin Helper are as follows:
Clear cache
Clear template cache (V4+ only)
Clear thumb cache
Clear logs
Clear statistics
Clear carts
Backup site
Optimize database
Backup database
Update currencies
Monitor files
Reset user passwords
Change admin url
Check detailed images (V4+ only)
Check security intrusions (V4+ only)

The goal of this addon is simply to make your life a little bit easier by giving you the option to launch common tasks easily from one location or to schedule them to be done automatically.

EZ Merchant Solutions: Custom (USA based) B2B Development, Consulting, Development and Special Projects (get a quote here).
Commercial addons, payment methods and modifications to meet your business and operations needs.


 
  • Mongoose
  • Senior Member
  • Members
  • Join Date: 08-Mar 13
  • 974 posts

Posted 27 June 2015 - 01:30 PM #2

Tony

This great add on for which I have now purchased version 4.2 from you is that one also ready for deployment on V4.3.2 ?

Attached Files


CS Cart Evangelist - running CS Cart 4.7.4 in three domains


 
  • tbirnseth
  • CS Cart Expert
  • Authorized Reseller
  • Join Date: 08-Nov 08
  • 11204 posts

Posted 27 June 2015 - 07:32 PM #3

Yes, the addon is fully compatible with V4.3.2.

What the error message means is that (like it says) you have ownership/permission issues on your site that prevent that addon from upgrading itself. I.e. the archive read from our upgrade server can't be installed.

Usually this is caused by files/directories not being owned (or writeable) by the user which PHP is running as.

Suggest you have your site administrator (or your hosting company) ensure that your whole store can be read/written by the PHP process that is executing it.

Updated note: after you make your changes, you can force the upgrade to occur by doing:
[your_domain_admin.php]?dispatch=ez_maint.upgrade.force

Edited by tbirnseth, 27 June 2015 - 07:35 PM.

EZ Merchant Solutions: Custom (USA based) B2B Development, Consulting, Development and Special Projects (get a quote here).
Commercial addons, payment methods and modifications to meet your business and operations needs.


 
  • Mongoose
  • Senior Member
  • Members
  • Join Date: 08-Mar 13
  • 974 posts

Posted 28 June 2015 - 01:49 PM #4

Yes, the addon is fully compatible with V4.3.2.

What the error message means is that (like it says) you have ownership/permission issues on your site that prevent that addon from upgrading itself. I.e. the archive read from our upgrade server can't be installed.

Usually this is caused by files/directories not being owned (or writeable) by the user which PHP is running as.

Suggest you have your site administrator (or your hosting company) ensure that your whole store can be read/written by the PHP process that is executing it.

Updated note: after you make your changes, you can force the upgrade to occur by doing:
[your_domain_admin.php]?dispatch=ez_maint.upgrade.force


Tony

A few things

1. I am the host and I set the permissions as root by 777 for the directories /ez_maint/ and
I ran the force upgrade command

All I get back is

404

Page not found.

Any thoughts ?

Cheers

Anthony

CS Cart Evangelist - running CS Cart 4.7.4 in three domains


 
  • Mongoose
  • Senior Member
  • Members
  • Join Date: 08-Mar 13
  • 974 posts

Posted 28 June 2015 - 02:00 PM #5

can't remove this single post in this thread - please ignore

CS Cart Evangelist - running CS Cart 4.7.4 in three domains


 
  • Mongoose
  • Senior Member
  • Members
  • Join Date: 08-Mar 13
  • 974 posts

Posted 28 June 2015 - 02:01 PM #6

Let me show you the file structure and the settings as it is:


CS Cart Evangelist - running CS Cart 4.7.4 in three domains


 
  • tbirnseth
  • CS Cart Expert
  • Authorized Reseller
  • Join Date: 08-Nov 08
  • 11204 posts

Posted 29 June 2015 - 05:33 PM #7

What's the URL of the 404? But my best is there is still a ownership/permission issue and it can't execute a script it expects to be there. Note that we use internal cs-cart routines for extraction, etc. The error reporting of these is usually non-existent so we can't detect if an archive fails to install until we go to execute a script within it.

Personally, I would be running php as suPHP and then have all directories 755 and files 644 both owned and group-owership by the php USER and GROUP that PHP runs as.

The upgrade process is basically...
  • Download the archive from our server to var/ez_upgrade/[addon name]
  • Create a backup of the currently installed addon in var/ez_backup
  • Extract the new archive in the root of the store
  • Run any addon/upgrade specific scripts need to be run
  • Run a general "all versions" script for the addon
So a permissions issue could occur at any of those points if the system is not setup to enable the application (cs-cart) to add/modify/delete files/directories.

Why don't you contact us and we can then get access to your site and help you out. Guessing at these type of things is not usually too fruitful.

Note that all cs-cart V4 sites that have EZ Admin Helper should have been upgraded to V4.2.19 of the addon by now and this is the only instance of an upgrade issue reported so far. Of course that doesn't mean there aren't others, just none reported.

Edited by tbirnseth, 29 June 2015 - 05:47 PM.

EZ Merchant Solutions: Custom (USA based) B2B Development, Consulting, Development and Special Projects (get a quote here).
Commercial addons, payment methods and modifications to meet your business and operations needs.


 
  • Mongoose
  • Senior Member
  • Members
  • Join Date: 08-Mar 13
  • 974 posts

Posted 26 July 2015 - 07:07 PM #8

Your great addon Tony is running smooth like a never before. The issues we had were solely due to problems with the permission settings in cpanel which by the way was neatly fixed by the support dep. of cpanel inc.

CS Cart Evangelist - running CS Cart 4.7.4 in three domains


 
  • tbirnseth
  • CS Cart Expert
  • Authorized Reseller
  • Join Date: 08-Nov 08
  • 11204 posts

Posted 26 July 2015 - 07:33 PM #9

Good to hear. We know there are issues with the site backup action (times out and fails on some sites) but we're working on it. Think we're going to move away from the Phar extension and go back to the older (and more effecient) Tar class.

Update: We just released a new version that uses the older PEAR Archive Tar class which runs about 10x faster than the new Phar extension. So site backups now work quickly and efficiently.

Edited by tbirnseth, 26 July 2015 - 09:04 PM.

EZ Merchant Solutions: Custom (USA based) B2B Development, Consulting, Development and Special Projects (get a quote here).
Commercial addons, payment methods and modifications to meet your business and operations needs.


 
  • remoteone
  • Member
  • Members
  • Join Date: 06-Oct 09
  • 705 posts

Posted 06 July 2016 - 02:56 PM #10

Hi,

One thing that is an issue with the admin side of CSC is the need to turn off Mod_security in cPanel/.htaccess to allow saving of (just about any) content. The latest problem was that I could not create a new Order Status until I turned it off.

Im wondering if there is any functionality that could be added to EZ admin helper to turn off mod_sec automatically when admin sessions are active?



 
  • tbirnseth
  • CS Cart Expert
  • Authorized Reseller
  • Join Date: 08-Nov 08
  • 11204 posts

Posted 06 July 2016 - 07:52 PM #11

Unfortunately, mod_security is an Apache level action which is performed before PHP is loaded and before the page is loaded.

 

You should be able to set the proper mod_security settings for cs-cart.  Please review the knowledge base and it will tell you the settings you need to turn off or modify.


EZ Merchant Solutions: Custom (USA based) B2B Development, Consulting, Development and Special Projects (get a quote here).
Commercial addons, payment methods and modifications to meet your business and operations needs.